CPP: Use dataflow to find wrapped rounding functions.

Author: geoffw0

cpp/ql/src/Likely Bugs/Conversion/LossyFunctionResultCast.ql

@@ -10,6 +10,7 @@
  */
 
 import cpp
+import semmle.code.cpp.dataflow.DataFlow
 
 predicate whitelist(Function f) {
   exists(string fName |
@@ -52,14 +53,10 @@ predicate whitelistPow(FunctionCall fc) {
 predicate whiteListWrapped(FunctionCall fc) {
   whitelist(fc.getTarget()) or
   whitelistPow(fc) or
-  exists(ReturnStmt rs |
-    rs.getEnclosingFunction() = fc.getTarget() and
-    whiteListWrapped(rs.getExpr())
-  ) or
-  exists(ReturnStmt rs, Variable v |
-    rs.getEnclosingFunction() = fc.getTarget() and
-    rs.getExpr().(VariableAccess).getTarget() = v and
-    whiteListWrapped(v.getAnAssignedValue())
+  exists(Expr e, ReturnStmt rs |
+    whiteListWrapped(e) and
+    DataFlow::localFlow(DataFlow::exprNode(e), DataFlow::exprNode(rs.getExpr())) and
+    fc.getTarget() = rs.getEnclosingFunction()
   )
 }
 

cpp/ql/test/query-tests/Likely Bugs/Conversion/LossyFunctionResultCast/ImplicitDowncastFromBitfield.expected

@@ -7,4 +7,3 @@
 | test.cpp:101:10:101:12 | call to pow | Return value of type double is implicitly converted to int here. |
 | test.cpp:103:10:103:12 | call to pow | Return value of type double is implicitly converted to int here. |
 | test.cpp:105:10:105:12 | call to pow | Return value of type double is implicitly converted to int here. |
-| test.cpp:130:10:130:17 | call to myRound3 | Return value of type double is implicitly converted to int here. |

cpp/ql/test/query-tests/Likely Bugs/Conversion/LossyFunctionResultCast/test.cpp

@@ -127,5 +127,5 @@ void test3()
 {
 	int i = myRound1(1.5); // GOOD
 	int j = myRound2(2.5); // GOOD
-	int k = myRound3(3.5); // GOOD [FALSE POSITIVE]
+	int k = myRound3(3.5); // GOOD
 }